Vulnerability CVE-2019-15131


Published: 2019-09-17

Description:
In Code42 Enterprise 6.7.5 and earlier, 6.8.4 through 6.8.8, and 7.0.0 a vulnerability has been identified that may allow arbitrary files to be uploaded to Code42 servers and executed. This vulnerability could allow an attacker to create directories and save files on Code42 servers, which could potentially lead to code execution.

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Code42 -> Code42 

 References:
https://code42.com/r/support/CVE-2019-15131
https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories

Copyright 2020, cxsecurity.com

 

Back to Top